The AI-powered 10x patch tsunami has arrived. Now what?

May 15th, 2026

1 hr 50 mins 38 secs

Link with Timestamp

Download MP3 (89 MB)

Your Host
Tags
zero-day ransomware nation-state cyberespionage apt research ai

About this Episode

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 98: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this.

Plus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 - Introductory banter
3:19 - fast16 update: spherical implosion simulations?
9:01 - Manhattan Project precedent — why this matches Iran
12:28 - Who can actually reproduce the FAST 16 attack?
19:32 - Google GTIG's "AI-written" zero-day
22:13 - The rise of AI-backend "silent detections"
25:54 - Guardrails as security theater
38:47 - Are the 10x patch numbers real defense?
43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH
53:35 - End of the ‘patch-and-pray’ model
57:50 - Sean Heelan: strict harnesses can make models worse
1:03:51 - Pwn2Own Berlin overflow and bug-density debate
1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat
1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm & Kazuar

Episode Links